17.2. Netatalk

Netatalk provides a high-performance file and print server for MacOS clients.
With it, Macintosh users can access data on a Linux machine or print to a
printer connected to it. Netatalk is a suite of Unix programs that run on
kernel-based DDP (Datagram Delivery Protocol) and implement the AppleTalk
protocol family (ADSP, ATP, ASP, RTMP, NBP, ZIP, AEP, and PAP).

AppleTalk is, in effect, an equivalent to the more familiar protocol TCP
(Transmission Control Protocol). It has counterparts to many TCP/IP-based
services, including services for resolving host names and time
synchronization. For example, the command aecho (AEP,
AppleTalk Echo Protocol) is used instead of ping (ICMP
ECHO_REQUEST, Internet Control Message Protocol).

The three daemons described below are normally started on the server:

atalkd (“AppleTalk Network
Manager”), which corresponds to the program
ip

papd (“Printer Access Protocol
daemon”), which makes printers available in the (AppleTalk)
network.

Server directories can be exported with Netatalk
at the same time as with Samba for Windows clients (see Section 17.1.1.2. “Clients”) and via NFS (see
Section 14.9. “NFS — Shared File Systems”), which is very useful in heterogeneous network environments.
This centralizes the management of data backup and user permissions on the
Linux server.

There are a number of limitations when working with
Netatalk:

Due to Macintosh client restrictions, the user passwords on the server
cannot be longer than eight characters.

File names may not contain colons (:) because they serve
as path name separators in MacOS.

17.2.1. Configuring the File Server

In the default configuration, Netatalk is already fully functional as a
file server for home directories of the Linux system. To use the extended
features, define some settings in the configuration files. These are located
in the /etc/netatalk directory.

All configuration files are plain text files. Text that follows a hash mark
# (comments) and empty lines are disregarded. The
various services (printing, AppleTalk broadcast, AppleTalk via TCP/IP, time
server) can be activated through the file
/etc/netatalk/netatalk.conf:

ATALKD_RUN=yes
PAPD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no

17.2.1.1. Configuring the Network — atalkd.conf

Define in /etc/netatalk/atalkd.conf which interfaces
services are provided over. This is usually eth0, as in
the example file that comes with Netatalk. Enter
additional interfaces to use several network cards at the same time. When
the server is started, it searches the network for existing zones and
servers and modifies the corresponding lines by entering the AppleTalk
network addresses it has determined. You will then find a line such as

eth0 -phase 2 -net 0-65534 -addr 65280.57

at the end of the file. For more complex configurations, refer to examples
in the configuration file. Find documentation about additional options in
the manual page of afpd.

17.2.1.2. Defining File Servers — afpd.conf

The afpd.conf file contains definitions for how your
file server appears on MacOS machines as an item under the
‘Chooser’ dialog. As is the case with the other
configuration files, these also contain detailed comments explaining the
wide variety of options.

If you do not change anything here, the default server is
simply started and displayed with the host name in the
‘Chooser’. Therefore, you do not necessarily need to
enter anything. However, you can give additional file servers a variety of
names and options here, for example, to provide a specific
guest server on which everybody can save files as
“guest”.

"Guest server" -uamlist uams_guest.so

Define a server that denies guests access, but which is only accessible for
users who already exist in the Linux system with:

"Font server" -uamlist uams_clrtxt.so,uams_dhx.so

This behavior is controlled by the option uamlist
followed by a comma-separated list of the authentication modules to use.
If you do not provide this option, all modules are active by default.

An AppleShare server not only provides its services by default via
AppleTalk, but also via TCP/IP (encapsulated). The
default port is 548. Assign dedicated ports to additional AppleShare
servers (on the same machine) if these should also run via TCP. The
availability of the service via TCP/IP enables access to the server even
over non-AppleTalk networks, such as the Internet. In this case, the syntax
would read:

"Font server" -uamlist uams_clrtxt.so,uams_dhx.so -port 12000

The AppleShare server, set to the port 12000, then appears in the network
with the name Font server and does not allow guest
access. In this way, it is also accessible via TCP/IP routers.
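As an added example (not from the page or from Netatalk itself), a small Python audit of afpd.conf lines like the ones above: it reads the server name, the -uamlist and -port options, reports servers that accept uams_guest.so (no password) or uams_clrtxt.so (cleartext passwords), treating a missing -uamlist as every module being active as the text states, and lists TCP ports claimed by more than one server. The sample configuration and its server names are constructed.

```python
import shlex
# Constructed sample afpd.conf from the fragments in this section (not Netatalk's own file).
AFPD_CONF = '''
# comments and blank lines are ignored
"Guest server" -uamlist uams_guest.so
"Font server" -uamlist uams_clrtxt.so,uams_dhx.so -port 12000
"Archive server"
'''

# uams_guest.so needs no password and uams_clrtxt.so sends it unencrypted,
# so a defender wants to know which servers still accept either.
WEAK_UAMS = {"uams_guest.so", "uams_clrtxt.so"}
DEFAULT_AFP_PORT = 548           # the default TCP port named on the page

def parse_afpd_conf(text):
    """One dict per server line; uamlist None means the option is absent,
    so every module is active (the page's stated default)."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = shlex.split(line)            # keeps "Font server" as one token
        server = {"name": tokens[0], "uamlist": None, "port": DEFAULT_AFP_PORT}
        i = 1
        while i < len(tokens):
            if tokens[i] == "-uamlist" and i + 1 < len(tokens):
                server["uamlist"] = tokens[i + 1].split(",")
                i += 2
            elif tokens[i] == "-port" and i + 1 < len(tokens):
                server["port"] = int(tokens[i + 1])
                i += 2
            else:
                i += 1                        # other options are not audited here
        servers.append(server)
    return servers

def weak_auth(servers):
    """Server name -> sorted weak modules it accepts; no -uamlist means all modules."""
    findings = {}
    for s in servers:
        active = WEAK_UAMS if s["uamlist"] is None else set(s["uamlist"])
        findings[s["name"]] = sorted(active & WEAK_UAMS)
    return findings

def port_conflicts(servers):
    """Ports claimed by more than one server (each additional TCP server needs its own)."""
    ports = [s["port"] for s in servers]
    return sorted({p for p in ports if ports.count(p) > 1})
```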

The file AppleVolumes.default (described in detail
below) defines which directories located on the server are made available
by each AppleShare server as network volumes. By using
the -defaultvol option for a given AppleShare
server, specify another file that defines different
directories. The corresponding command (read as one line) is:

17.2.1.3. Directories and Access Permissions — AppleVolumes.default

Here, define the directories to export. Access permissions are defined with
the customary Unix user and group permissions. This is configured in the
AppleVolumes.default file. Along with
AppleVolumes.default, additional files can be
created, such as AppleVolumes.guest, used by
some servers (by giving the option -defaultvol in the
afpd.conf file; see the previous section).

Important

Here, the syntax has partially changed. Take this into consideration if
you are updating to this version from a previous one. For example, it is now
allow: instead of access= (a typical
symptom is that, instead of the volume names, the Mac clients display the
volume options in the ‘Chooser’). Because the new files are created with
the .rpmnew ending during an update, your previous settings may no longer
function as a result of the modified syntax.
Create backups of your configuration files, copy your old configuration
into the new files, then rename these files to the proper names.
This way, you benefit from the current comments contained in the
configuration files, which provide a detailed explanation of the options.

The example shown here:

/usr/local/psfonts "PostScript Fonts"

indicates that the Linux directory
/usr/local/psfonts, located in the root directory, is
available as an AppleShare volume with the name
“PostScript Fonts”.

Options are separated by a space and attached to the end of a line. A very
useful option is the access restriction:

/usr/local/psfonts "PostScript Fonts" allow:User1,@group0

This restricts access to the volume “PostScript Fonts” to the
user “User1” and all members of the group
“group0”. The users and groups entered here must be known to
the Linux system. Likewise, explicitly deny users access with
deny:User2.
These restrictions only apply to access via AppleTalk and not to the normal
access rights users have if they can log in to the server itself.

Netatalk maps the customary Resource Fork of
MacOS files to .AppleDouble
directories in the Linux file system. Using the
noadouble option, set these directories to be created
only when they are actually needed. The syntax is:

/usr/local/guests "Guests" options:noadouble

Additional options and features can be found in the explanations included
in the file itself.

The tilde (~) in this configuration file stands for the
home directory of each user on the server. This way, every user
can access their home directory without each one being defined
explicitly here. The example file installed already includes a tilde, which
is why Netatalk makes the home
directory available by default as long as you do not modify anything in
this file.
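As an added example (not the page's or Netatalk's own code) covering the allow:, deny:, options: and tilde entries described above, a Python parser for AppleVolumes.default lines that decides whether a given Linux user may reach a volume and where the tilde line points for that user. The sample file, the group membership, the /home layout and the @group handling for deny: are assumptions.

```python
import shlex
# Constructed sample AppleVolumes.default built from the lines in this section.
APPLE_VOLUMES = '''
# comments and empty lines are disregarded
~
/usr/local/psfonts "PostScript Fonts" allow:User1,@group0
/usr/local/guests "Guests" options:noadouble deny:User2
'''

# Constructed group membership; a real check would consult the Linux group database.
GROUPS = {"group0": {"User1", "User3"}}

def parse_apple_volumes(text):
    """Parse: path ["Volume name"] allow:... deny:... options:...; allow None = no allow: given."""
    volumes = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)                   # keeps "PostScript Fonts" together
        vol = {"path": tokens[0], "name": None, "allow": None, "deny": [], "options": set()}
        for tok in tokens[1:]:
            key, sep, value = tok.partition(":")
            if sep and key == "allow":
                vol["allow"] = value.split(",")
            elif sep and key == "deny":
                vol["deny"] = value.split(",")
            elif sep and key == "options":
                vol["options"] = set(value.split(","))
            else:
                vol["name"] = tok                    # bare word after the path: volume name
        volumes.append(vol)
    return volumes

def _listed(entries, user, groups):
    """True if user appears in entries directly or via an @group entry (assumed for deny: too)."""
    return any(user in groups.get(e[1:], ()) if e.startswith("@") else e == user for e in entries)

def may_access(vol, user, groups=GROUPS):
    """The page's rule: deny: blocks the user; allow: limits the volume to the
    listed users and @groups; without allow: every system user may connect."""
    if _listed(vol["deny"], user, groups):
        return False
    return vol["allow"] is None or _listed(vol["allow"], user, groups)

def resolve_path(vol, user, home_root="/home"):
    """Expand the tilde line to the connecting user's home (assumes homes under /home)."""
    return f"{home_root}/{user}" if vol["path"] == "~" else vol["path"]
```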

afpd also searches for a file
Applevolumes or .Applevolumes in
the home directory of a user logged in to the system. Entries in this file
supplement the entries in the server files
AppleVolumes.system and
AppleVolumes.default to enable individual type and
creator file settings and to access specific directories. These
entries are extensions and do not allow access for the user for whom access
permission is denied from the server side.

The netatalk.pamd file is used, via PAM (pluggable
authentication modules), for authentication purposes. Using PAM is,
however, irrelevant in this context.

17.2.1.4. File Specifications — AppleVolumes.system

In the AppleVolumes.system file, define which
customary MacOS type and creator specifications are assigned to certain
file endings. An entire series of default values is already predefined.
If a file is displayed with a generic white icon, there is not yet an entry
for it in this file. If you encounter a problem with a text file belonging
to another system that cannot be opened properly in MacOS, or vice versa,
check the entries there.

17.2.2. Configuring the Print Server

Make a laserwriter service available by configuring the
papd.conf file. The printer must already be functioning
locally with lpd, so configure a
printer as described in Chapter 5. Printer Operation. If you
can print a text file locally using the command
lpr file.txt, the first step has
been successfully completed.

You do not necessarily need to enter anything in
papd.conf if a local printer is configured in Linux,
because print jobs can simply be forwarded to the print daemon
lpd without additional settings. The
printer registers itself in the AppleTalk network as Laserwriter. You can,
however, extend your printer entries as follows:

Printer_Reception:pr=lp:pd=/etc/netatalk/kyocera.ppd

This causes the printer named Printer_Reception to appear as a
‘Chooser’ item. The corresponding printer description file
is usually provided by the vendor. Otherwise, refer to the file
Laserwriter located in the ‘System
Extensions’ folder. However, when using this file you often cannot
use all of the printer's features.

17.2.3. Starting the Server

The server can be started at system boot time via its init
script or manually with
rcatalk start. The init script is
located at /etc/init.d/netatalk.
The actual starting of the server takes place in the background. It takes
about a minute until the AppleTalk interfaces are set up and responsive.
Check the status as shown in the following (all servers are running if
OK is reported three times):

rcatalk status
Checking for service atalk: OK OK OK

From a Mac running MacOS, check for AppleTalk activation, choose
‘Filesharing’, then double-click
‘AppleShare’. The names of the servers should then appear
in the window. Double-click a server and log in. It should then be possible
to access a shared volume.

The procedure is a bit different for AppleShare servers configured to use
TCP only (and no DDP). To connect, press ‘Server IP
address’ and enter the respective IP address. If necessary,
append the port number, separated by a colon (:).

17.2.4. Additional Information

To take full advantage of all the options Netatalk offers, read the corresponding
manual pages. Find them by entering the command
rpm -qd netatalk. The
/etc/netatalk/netatalk.conf file is not used in our
Netatalk version, so disregard it.
Helpful URLs: